Groovy Principal Id
Returns a username attribute value as the final result of a groovy script’s execution. Groovy scripts whether inlined or external will receive and have access to the following variable bindings:
id
: The existing identifier for the authenticated principal.attributes
: A map of attributes currently resolved for the principal.service
: The service object that is matched by the registered service definition.logger
: A logger object, able to providelogger.info(...)
operations, etc.
-
Embed the groovy script directly inside the service configuration.
1 2 3 4 5 6 7 8 9 10 11 12
{ "@class" : "org.apereo.cas.services.CasRegisteredService", "serviceId" : "sample", "name" : "sample", "id" : 600, "description" : "sample", "usernameAttributeProvider" : { "@class" : "org.apereo.cas.services.GroovyRegisteredServiceUsernameProvider", "groovyScript" : "groovy { return attributes['uid'][0] + '123456789' }", "canonicalizationMode" : "UPPER" } }
Note that the
uid
attribute in the above example is resolved internally as a multivalued attribute, as should all attributes when fetched by CAS. So the above example uses the[0]
syntax to fetch the first value of the attribute. -
Reference the groovy script as an external resource outside the service configuration. The script must return a single
String
value.1 2 3 4 5 6 7 8 9 10 11 12
{ "@class" : "org.apereo.cas.services.CasRegisteredService", "serviceId" : "sample", "name" : "sample", "id" : 600, "description" : "sample", "usernameAttributeProvider" : { "@class" : "org.apereo.cas.services.GroovyRegisteredServiceUsernameProvider", "groovyScript" : "file:///etc/cas/sampleService.groovy", "canonicalizationMode" : "UPPER" } }
Sample Groovy script follows:
1 2
logger.info("Choosing username attribute out of attributes $attributes") return "newPrincipalId"
The configuration of this component qualifies to use the Spring Expression Language syntax.